OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
Vikash Badal - PCS
VikashB at ComparexAfrica.co.za
Thu Jul 10 21:09:11 EST 2003
Greetings,
Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless
account without a valid key when sshd_config has PasswordAuthentication no
+ PermitEmptyPasswords yes
Attempts:
Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b)
with native c compiler.
Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2).
Still the same problem.
Looking at auth2.c line 185-190:
authenticated = m->userauth(authctxt);
sets authenticate to 1 when PermitEmptyPasswords ==> yes
I found only one reference to userauth()
in sshconnect2.c (line 279)
I do not understand the code m->userauth(authctxt);
Please assist.
Vikash
More information about the openssh-unix-dev
mailing list